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DETAILED ACTION 
Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 14 and 15 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 14 and 15 are dependent on claim 5. Claim 5 has been cancelled by the 
applicant in this amendment. Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have. been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1, 3, 4, 6-11, 14, 15, 27, 28, 30, 35, 37-44, and 53-56 are rejected under 

35 U.S.C. 103(a) as being unpatentable over Genty et al (US Patent #6,473,863) in 

view of Chen et al (US Patent #6,353,593) in view of Maeshima et al (US Patent 

#6,092,113). 

Claim 1 discloses a method comprising: establishing a packet tunnel having a 
source network address and a destination network address; reserving for the packet 
tunnel an amount of bandwidth within an access link; detecting a network attack; 
selecting a new network address for at least one of the source network address and the 
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destination network address upon detecting the network attack; establishing a new 
packet tunnel using the new network address, wherein the new packet tunnel comprises 
two or more concatenated packet tunnels; canceling the reserved bandwidth for the 
packet tunnel after establishing the new packet tunnel; and reserving for the new packet 
tunnel an amount of bandwidth within the access link upon canceling the reserved 
bandwidth for the packet tunnel. Genty et al teaches of a tunnel between a source and 
destination (figure 7), an attack is detected (column 5, lines 48-52), a secondary tunnel 
can be established with different addresses (column 5, lines 63-67 - column 6, lines 1- 
6, 20-24), a secondary tunnel is established (figure 7), and upon detecting a network 
attack canceling the bandwidth in the packet tunnel (column 6, lines 31-33). It fails to 
teach of reserving for the packet tunnel an amount of bandwidth within an access link, 
the new packet tunnel comprises two or more concatenated packet tunnels, and 
reserving for the new packet tunnel an amount of bandwidth within the access link upon 
canceling the reserved bandwidth for the packet tunnel. Chen et al teaches of a virtual 
path connection (VPC) 38 which must be concatenated to the destination links in order 
for the virtual channel connections (VCCs) 36 carried by VPC 38 to be routed on the 
destination links to their destination, (figure 1 , column 4, lines 8-21). 

Genty et al and Chen et al are analogous art because they are both related to 
data protection over a network. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the concatenation in Chen et al with the system in Genty et al 
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because an improved protection architecture is provided for virtual connections in a 
network (Chen et al, column 1 , lines 33-45). 

Genty et al in view of Chen et al teaches of the limitations as recited above. It 
fails to teach of reserving for the packet tunnel an amount of bandwidth within an 
access link and reserving for the new packet tunnel an amount of bandwidth within the 
access link upon canceling-the reserved bandwidth for the packet tunnel. Maeshima et 
al teaches of reserving bandwidth for every IP tunnel on the network (column 3, lines. 1- 
23, 28-32) and reserves the bandwidth once needed (column 5, lines 28-41). 

Genty et al in view of Chen et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

. At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Chen et al because it is possible to construct a VPN which 
enables assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 3 discloses the method of claim 1, wherein the source network address 
and the destination network address comprise Internet Protocol (IP) addresses. Genty 
et al further teaches the addresses are IP addresses (column 5, lines 1-5). 

Claim 4 discloses the method of claim 1 , wherein detecting a network attack 
comprises detecting an attack on the access link coupling a destination network device 
to a network. Genty et al further teaches an attack can be detected on the network 
(column 5, lines 48-52). 



) 
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Claim 6 discloses the method of claim 1, further comprising exchanging a set of 
available network addresses between a source network device originating the packet 
tunnel and a destination network device terminating the packet tunnel. Genty et al 
further teaches each device has a set of several addresses, which are exchanged to 
each device (column 5, lines 34-41). 

Claim 7 discloses the method of claim 1, further comprising wherein selecting a 
new network address comprises: maintaining a set of available network addresses; and 
selecting one of the network addresses as the new network address. Genty et al further 
teaches of maintaining a set of available addresses and selecting an address as a net 
address and making a new tunnel (Genty et al, column 5, lines 34-41, 48-59, 63-67 - 
column 6, lines 1-6). 

Claim 8 discloses the method of claim 1 , wherein establishing a new packet 
tunnel using the new network address further comprises: selecting an intermediate 
network device; establishing a first packet tunnel that terminates on the intermediate 
network device; and establishing a second packet tunnel that originates from the 
intermediate network. Chen'et al further teaches of the VPC must be concatenated to 
the destination links in order for the VCCs carried by VPC to be routed on the 
destination links to their destination, which forms a continuous packet tunnel from 
multiple concatenated tunnels with intermediate devices, when a new path is chosen 
the intermediate devices are inherently chosen during the route selection (column 2, 
lines 10-18, and 23-28). 
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Claim 9 discloses the method of claim 8, further comprising: sending a message 
from a destination network device to a source network device instructing the source 
network device to establish the first packet tunnel with the intermediate network device; 
and reserving for the second packet tunnel an amount of bandwidth within the access 
link coupling the destination network device to a network. Maeshima et al further 
teaches of establishing a first tunnel with an intermediate device and the reservation of 
bandwidth for a second tunnel (figure 9A, column 4, lines 44-49, column 5, lines 28-36). 

Claim 10 discloses the method of claim 9, further comprising: establishing a 
secure signaling channel between the source network device and the destination 
network device; and sending the message via the secure signaling channel. Genty et al 
further teaches of a virtual private network as a secure connection and sending data 
over a secure channel (column 1, lines 19-25, figure 7). 

Claim 11 discloses the method of claim 8, further comprising de-encapsulating at 
the intermediate network device packets received from the first packet tunnel; and re- 
encapsulating the packets at the intermediate network device for communication via the 
second packet tunnel. Genty et al further teaches of encapsulating a packet for 
transmission through a tunnel and using this encapsulation is widely known in the art 
(column 4, lines 9-15). 

Claim 14 discloses the method of claim 5, wherein reserving an amount of 
bandwidth comprises sending a reservation message from a destination network device 
terminating the packet tunnel to a service provider access device. Maeshima further 
teaches of sending a message from a host (column 3, lines 28-32). 
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Claim 15 discloses the method of claim 14, wherein sending a reservation 
message comprises sending the reservation message according to the Resource 
Reservation Protocol (RSVP). Maeshima further teaches of using RSVP to reserve the 
bandwidth (column 3, lines 14-16). 

Claim 27 discloses a method comprising: establishing virtual private network 
service including a packet tunnel having a source network address and a destination 
network address; reserving for the packet tunnel an amount of bandwidth within an 
access link; detecting a network attack; establishing new virtual private network service 
upon detecting the network attack, wherein the new virtual private network service 
comprises two or more concatenated packet tunnels and canceling the reserved 
bandwidth for the packet tunnel after establishing the new virtual private network 
service. Genty et al teaches of a tunnel between a source and destination (figure 7), an 
attack is detected (column 5, lines 48-52), a secondary tunnel is established (figure 7), 
and upon detecting a network attack canceling the bandwidth in the packet tunnel 
(column 6, lines 31-33). It fails to teach of reserving for the packet tunnel an amount of 
bandwidth within an access link and the new packet tunnel comprises two or more 
concatenated packet tunnels. Chen et al teaches of a virtual path connection (VPC) 38 
which must be concatenated to the destination links in order for the virtual channel 
connections (VCCs) 36 carried by VPC 38 to be routed on the destination links to their 
destination, (figure 1, column 4, lines 8-21). 

Genty et al and Chen et al are analogous art because they are both related to 
data protection over a network. 
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At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the concatenation in Chen et al with the system in Genty et al 
because an improved protection architecture is provided for virtual connections in a 
network (Chen et al, column 1, lines 33-45). 

Genty et al and Chen et al teaches of the limitations as recited above. It fails to 
teach of reserving for the packet tunnel an amount of bandwidth within an access link. 
Maeshima et al teaches of reserving bandwidth for every IP tunnel on the network 
(column 3, lines 1-23, 28-32). 

Genty et al in view of Chen et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Chen et al because it is possible to construct a VPN which 
enables assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 28 discloses the method of claim 27, wherein establishing the new virtual 
private network service comprises: selecting an intermediate network device upon 
detecting the network attack; establishing a first packet tunnel from the source network 
address and terminating on the intermediate network device; and establishing a second 
packet tunnel originating from the intermediate network device and terminating at the 
destination network address. Chen et al further teaches of the VPC must be 
concatenated to the destination links in order for the VCCs carried by VPC to be routed 
on the destination links to their destination, which forms a continuous packet tunnel from 
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multiple concatenated tunnels with intermediate devices, when a new path is chosen 
the intermediate devices are inherently chosen during the route selection (column 2, 
lines 10-1 8, and 23-28). 

Claim 30 discloses the method of claim 27, wherein detecting a network attack 
comprises detecting an attack on an access link coupling a destination network device 
to a network. Genty et al further teaches an attack can be detected on the network 
(column 5, lines 48-52). 

Claim 35 discloses a system comprising a source device coupled to a network; 
and a destination device coupled to the network, wherein the source device and the 
destination device establish a packet tunnel having a source network address and a 
destination network address, reserve for the packet tunnel an amount of bandwidth 
within an access link, upon detecting a network attack, select a new network address for 
at least one of the source network address and the destination network address 
establish a new packet tunnel, wherein the new packet tunnel comprises two or more 
concatenated packet tunnels, and cancel the reserved bandwidth for the packet tunnel 
after the new packet tunnel is established. Genty et al teaches of a tunnel between a 
source and destination, an attack is detected, a secondary tunnel is established 
(column 5, lines 48-52, figure 7), and upon detecting a network attack canceling the 
bandwidth in the packet tunnel (column 6, lines 31-33). It fails to teach of reserving for 
the packet tunnel an amount of bandwidth within an access link and the new packet 
tunnel comprises two or more concatenated packet tunnels. Chen et al teaches of a 
virtual path connection (VPC) 38 which must be concatenated to the destination links in 
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order for the virtual channel connections (VCCs) 36 carried by VPC 38 to be routed on 
the destination links to their destination, (figure 1, column 4, lines 8-21). 

Genty et al and Chen et al are analogous art because they are both related to 
data protection over a network. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the concatenation in Chen et al with the system in Genty et al 
because an improved protection architecture is provided for virtual connections in a 

K 

network (Chen et al, column 1, lines 33-45). 

Genty et al and Chen et al teaches of the limitations as recited above. It fails to 
teach of reserving for the packet tunnel an amount of bandwidth within an access link. 
Maeshima et al teaches of reserving bandwidth for every IP tunnel on. the network 
(column 3, lines 1-23, 28-32). 

Genty et al in view of Chen et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Chen et al because it is possible to construct a VPN which 
enables assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 37 discloses the system of claim 35, wherein the source network address 

r 

and the destination network address comprise Internet Protocol (IP) addresses. Genty 
et al further teaches the addresses are IP addresses (column 5, lines 1-5). 
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Claim 38 discloses the system of claim 35, wherein the destination device and 
the source device comprise edge routers that couple local area networks to the network. 
Genty et al further teaches the system can be accomplished by routers (column 3, lines 
21-26). 

Claim 39 discloses the system of claim 35, wherein the destination device 
detects an attack on an access link coupling the destination device to the network. 
Genty et al further teaches an attack can be detected on the network (column 5, lines 
48-52). 

Claim 40 discloses the system of claim 35, wherein, upon the reserved 
bandwidth for the packet tunnel being canceled, the destination device reserves for the 
new packet tunnel an amount of bandwidth within the access link. Maeshima et al 
further teaches of reserving the bandwidth once needed (column 5, lines 28-41). 

Claim 41 discloses the system of claim 35, wherein the destination device and 
the source device exchange a set of available network addresses for the source 
network address and the destination network address of the packet tunnel. Genty et al 
further teaches each device has a set of several addresses, which are exchanged to 
each device (column 5, lines 34-41). 

Claim 42 discloses the system of claim 35, wherein the destination device 
comprises a storage medium to store a set of available network addresses for use as 
the source network address and the destination network address of the packet tunnel. 
Genty et al further teaches each device has a set of several addresses (column 5, lines 
34-41). 
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Claim 43 discloses the system of claim 35, wherein the source device and 
destination device establish the packet tunnel by establishing a first packet tunnel that 
terminates on an intermediate network device, and establishing a second packet tunnel 
that originates from the intermediate network device. Chen et al further teaches of the 
VPC must be concatenated to the destination links in order for the VCCs carried by 
VPC to be routed on the destination links to their destination, which forms a continuous 
packet tunnel from multiple concatenated tunnels with intermediate devices (column 2, 
lines 10-18, and 23-28). 

Claim 44 discloses the system of claim 43, wherein the intermediate network 
device de-encapsulates packets received from the first packet tunnel and re- 
encapsulates the packets for communication to the destination device via the second 
packet tunnel. Genty et al further teaches of encapsulating a packet for transmission 
through a tunnel and using this encapsulation is widely known in the art (column 4, lines 
9-15). 

Claim 53 discloses a computer-readable medium comprising instructions to 
cause a processor to: establish a packet tunnel having a source network address and a 
destination network address; reserve for the packet tunnel an amount of bandwidth 
within an access link; detect a network attack; select a new network address for at least 
one of the source network address and the destination network address upon detecting 
the network attack; establish a new packet tunnel using the new network address, 
wherein the new packet tunnel comprises two or more concatenated packet tunnels; 
and cancel the reserved bandwidth for the packet tunnel after the new packet tunnel is 
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established. Genty et al teaches of a tunnel between a source and destination (figure 
7), an attack is detected (column 5, lines 48-52), a secondary tunnel can be established 
with different addresses (column 5, lines 63-67 - column 6, lines 1-6, 20-24), a 
secondary tunnel is established (figure 7), and upon detecting a network attack 
canceling the bandwidth in the packet tunnel (column 6, lines 31-33). It fails to teach of 
reserving for the packet tunnel an amount of bandwidth within an access link and the 
new packet tunnel comprises two or more concatenated packet tunnels. Chen et al 
teaches of a virtual path connection (VPC) 38 which must be concatenated to the 
destination links in order for the virtual channel connections (VCCs) 36 carried by VPC 
38 to be routed on the destination links to their destination, (figure 1, column 4, lines 8- 
21). 

Genty et al and Chen et al are analogous art because they are both related to 
data protection over a network. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the concatenation in Chen et al with the system in Genty et al 
because an improved protection architecture is provided for virtual connections in a 
network (Chen et al, column 1, lines 33-45). 

Genty et al and Chen et al teaches of the limitations as recited above. It fails to 
teach of reserving for the packet tunnel an amount of bandwidth within an access link. 
Maeshima et al teaches of reserving bandwidth for every IP tunnel on the network 
(column 3, lines 1-23, 28-32). 
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Genty et al in view of Chen et al and Maeshima et al are analogous art because 
they are related to virtual private network setup. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the bandwidth reservation in Maeshima et al with the system in 
Genty et al in view of Chen et al because it is possible to construct a VPN which 
enables assurance of bandwidth (Maeshima, column 3, lines 42-46). 

Claim 54 discloses the computer-readable medium of claim 53, further 
comprising instructions to cause the processor to: upon the reserved bandwidth for the 
packet tunnel being canceled, reserve for the new packet tunnel an amount of 
bandwidth within the access link. Maeshima et al further teaches of reserving the 
bandwidth once needed (column 5, lines 28-41). 

Claim 55 discloses the computer-readable medium of claim 53, further 
comprising instructions to cause the processor to: maintain a set of available network 
addresses; and select one of the network addresses as the new network address. 
Genty et al further teaches of maintaining a set of available addresses and selecting an 
address as a net address and making a new tunnel (Genty et al, column 5, lines 34-41, 
48-59, 63-67 - column 6, lines 1-6). 

Claim 56 discloses the computer-readable medium of claim 53, further 
comprising instructions to cause the processor to: select an intermediate network 
device; establish a first packet tunnel that terminates on the intermediate network 
device; and establish a second packet tunnel that originates from the intermediate 
network device. Chen et al further teaches of the VPC must be concatenated to the 
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destination links in order for the VCCs carried by VPC to be routed on the destination 
links to their destination, which forms a continuous packet tunnel from multiple 
concatenated tunnels with intermediate devices, when a new path is chosen the 
intermediate devices are inherently chosen during the route selection (column 2, lines 
10-18, and 23-28). 

Claims 2 and 36 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Genty et al (US Patent #6,473,863) in view of Chen et al (US Patent #6,353,593) in 
view of Maeshima et al (US Patent #6,092, 1 1 3) as applied to claims 1 and 35 above, 
and further in view of Adams et al (US PGPUB US2003/0016679). 

Claims 2 and '36 disclose the method and system of claims 1 and 35 wherein the 
source network address and the destination network address comprise port numbers. 
Genty et al in view of Chen et al in view of Maeshima et al teaches of the limitations of 
claims 1 and 35 as recited above. It fails to teach of the addresses comprising of port 
numbers. Adams et al teaches of control information being an IP address or a port 
number among other information (paragraph 21, lines 1-8). 

Genty et al in view of Chen et al in view of Maeshima et al and Adams et al are 
analogous art because they are both related to routing data over a network. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the control information in Adams et al with the system in Genty et al 
in view of Chen et al in view of Maeshima et al because the packet is able to be sent to 
its next destination once the information is known (Adams et al, paragraph 21, lines 8- 
12). 



Application/Control Number: 10/057,043 Page 16 

Art Unit: 2141 

Claims 12, 13, 45, and 46 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Genty et al (US Patent #6,473,863) in view of Chen et al (US Patent 
#6,353,593) in view of Maeshima et al (US Patent #6,092,113) as applied to claims 8 
and 43 above, and further in view of Jorgensen (US PGPUB US2002/0099854). 

Claim 12 discloses the method of claim 8, further comprising: establishing a 
secure signaling channel between a source network device and a destination network 
device; sending via the secure signaling channel control packets between the source 
network device and the destination network device to monitor the performance of the 
first and second packet tunnels; and selecting a new intermediate network device when 
the performance reaches a minimum threshold. Genty et al in view of Chen et al in view 
of Maeshima et al teaches of the limitations of claim 8 as recited above. It fails to teach 
of sending messages to monitor performance and making changes based on 
performance. Jorgensen teaches of monitoring, control, service, modify and repair a 
system by sending messages monitoring the performance and making changes based 
on performance (paragraph 612). 

Genty et al in view of Chen et al in view of Maeshima et al and Jorgensen are 
analogous art because they are related to network setup and control. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the monitoring in Jorgensen with the system in Genty et al in view 
of Chen et al in view of Maeshima et al because proactive provisioning of additional 
resources can occur (paragraph 612, lines 7-9). 
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Claim 13 discloses the method of claim 12, further comprising maintaining a set 
of possible intermediate network devices, and wherein selecting the intermediate 
network device comprises selecting one of the possible intermediate network devices 
from the set. Genty et al further teaches of each device has a set of several addresses, 
which are exchanged to each device, and the second device is selected from this list 
(column 5, lines 34-41). 

Claim 45 discloses the system of claim 43, wherein the source device and the 
destination device establish a secure signaling channel and send via the secure 
signaling channel control packets to monitor the performance of the first and second 
packet tunnels. Genty et al in view of Chen et al in view of Maeshima et al teaches of 
the limitations of claim 43 as recited above. It fails to teach of monitoring performance. 
Jorgensen teaches of monitoring, control, service, modify and repair a system by 
sending messages monitoring the performance (paragraph 612). 

Genty et al in view of Chen et al in view of Maeshima et al and Jorgensen are 
analogous art because they are related to network setup and control. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the monitoring in Jorgensen with the system in Genty et al in view 
of Chen et al in view of Maeshima et al because proactive provisioning of additional 
resources can occur (paragraph 612, lines 7-9). 

Claim 46 discloses the system of claim 45, wherein the destination device selects 
a new intermediate network device when the performance reaches a minimum 
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threshold. Jorgensen further teaches of making changes based on the performance 
when monitoring (paragraph 612). 

Claims 16, 17, and 29 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Genty et al (US Patent #6,473,863) in view of Chen et al (US Patent 
#6,353,593) in view of Maeshima et al (US Patent #6,092,1 1 3) as applied to claims 1 
and 27 above, and further in view of Shawcross (US Patent #6,880,090). 

Claim 16 discloses the method of claim 1 , wherein establishing a packet tunnel 
comprises: maintaining a set of available multicast network addresses; selecting one of 
the multicast network addresses for the packet tunnel; and subscribing to a multicast 
channel for the selected multicast network address. Genty et al in view of Chen et al in 
view of Maeshima et al teaches of the limitations of claim 1 as recited above. It fails to 
teach of using multicast addresses. Shawcross teaches of maintaining a set of 
multicast addresses, selecting a multicast address and subscribing to the multicast 
addresses (column 5, lines 60-67, column 6, lines 1-5). 

Genty et al in view of Chen et al in view of Maeshima et al and Shawcross are 
analogous art because they are related to network attack prevention. 

At the time of the invention it would have been obvious to a person of ordinary . 
skill in the art to use the multicast addressing in Shawcross with the system in Genty et 
al in view of Chen et al in view of Maeshima et al because the technique prevents 
unauthorized personnel from knowing which address to disrupt (Shawcross, column 6, 
lines 12-14). 
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Claim 17 discloses the method of claim 16, wherein establishing a new packet 
tunnel comprises: unsubscribing to the multicast channel; selecting one of the multicast 
network addresses for the destination network address; establishing a new packet 
tunnel using the new destination address; and subscribing to a multicast channel for the 
selected multicast network address. Shawcross further teaches of unsubscribing the 
multicast channel, selecting a multicast channel, establishing a new tunnel and 
subscribing to a multicast addresses (column 2, lines 62-67 - column 3, lines 1-17, 
column 9, lines 5-10, 36-42). 

Claim 29 discloses the method of claim 27, wherein establishing a packet tunnel 
comprises: maintaining a set of available multicast network addresses; selecting one of 
the multicast network addresses for the destination network address of the packet 
tunnel; and subscribing to a multicast channel for the selected multicast network 
address. Genty et al in view of Chen et al in view of Maeshima et al teaches of the 
limitations of claim 27 as recited above. It fails to teach of using multicast addresses. 
Shawcross teaches of maintaining a set of multicast addresses, selecting a multicast 
address and subscribing to the multicast addresses (column 5, lines 60-67, column 6, 
lines 1-5). 

Genty et al in view of Chen et al in view of Maeshima et al and Shawcross are 
analogous art because they are related to network attack prevention. 

At the time of the invention it would have been obvious to a person of ordinary 
skill in the art to use the multicast addressing in Shawcross with the system in Genty et 
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al in view of Chen et al in view of Maeshima et al because the technique prevents 
unauthorized personnel from knowing which address to disrupt (column 6, lines 12-14). 

Response to Arguments 
Applicant's arguments filed May 23, 2006 have been fully considered but they are 
not persuasive. 

Applicant asserts the prior art fails to teach of reserving for a packet tunnel an 
amount of bandwidth within an access link, and canceling the reserved bandwidth for 
the packet tunnel after establishing a new packet tunnel upon detecting a network 
attack. The Examiner respectfully disagrees, Maeshima et al teaches of reserving 
bandwidth for every tunnel on the network, which includes the new tunnel (column 3, 
lines 1-23, 28-32), Genty et al teaches of the original tunnel may be abandoned 
inherently canceling the bandwidth involved in the tunnel (column 6, lines 31-33) and 
detecting attacks (column 5, lines 48-59). 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Brian J. Gillis whose telephone number is 571-272- 
7952. The examiner can normally be reached on M-F 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Rupal Dharia can be reached on 571-272-3880. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Brian J Gillis 
Examiner 
Art Unit 2141 
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